Mitigating email SPAM attacks
Abstract
The present disclosure relates to mitigating email spam attacks. A gateway is configured to receive mail from one or more mail systems. If mail is intended for delivery to an invalid address, the gateway can generate status messages for delivery to the mail systems or determine if a threshold for delivery attempts to the invalid address has been met. If the threshold has been met, the gateway can request creation of a honeypot email address, and future mail intended for delivery to the invalid address are delivered to a mailbox associated with the honeypot email address. Various actions can be taken with respect to the mail delivered to the honeypot email address including analysis, blacklisting of senders, and/or other actions.
Claims
exact text as granted — not AI-modifiedI claim:
1. A method comprising:
receiving, at a gateway comprising a processor and from a mail system, an email message;
determining, by the gateway and based upon an analysis of the email message, destination addresses associated with the email message, wherein the destination addresses include a recipient email address;
accessing, by the gateway, user data that comprises a list of email addresses associated with an internet service provider, wherein the list of email addresses comprises valid email addresses, expired email addresses, and invalid email addresses;
querying, by the gateway, the user data to determine if the recipient email address is valid; and
in response to a determination that the recipient email address is invalid
determining, by the gateway and based upon a configuration file, a number of times delivery of email messages to the recipient email address has been attempted,
determining, by the gateway, if the number of times meets a delivery attempt threshold associated with the recipient email address, the delivery attempt threshold comprising a number of message delivery attempts within a specified time period,
in response to a determination that the number of times meets the delivery attempt threshold, requesting, by the gateway, creation of a honeypot email address comprising the recipient email address,
receiving, by the gateway, a further email message that is addressed to the recipient email address, and
delivering, by the gateway, the further email message to a mailbox associated with the honeypot email address, whereby a sender of the further email message is not informed that the recipient email address is invalid.
2. The method of claim 1 , further comprising storing data identifying the honeypot email address at a data storage location accessible by the gateway.
3. The method of claim 1 , further comprising:
analyzing the further email message delivered to the mailbox associated with the honeypot email address to determine content of the further email message; and
determining that the further email message comprises a spam message based upon the content determined.
4. The method of claim 1 , further comprising:
analyzing the further email message delivered to the mailbox associated with the honeypot email address; and
updating a spam filter to include data identifying the sender of the further email message.
5. The method of claim 1 , further comprising:
analyzing the further email message delivered to the mailbox associated with the honeypot email address to determine content of the further email message; and
updating a spam filter to include data corresponding to the content.
6. The method of claim 3 , wherein the honeypot email address comprises a domain name associated with the internet service provider, and wherein an email address of the sender comprises the domain name.
7. The method of claim 1 , further comprising:
scanning the mailbox associated with the honeypot email address;
counting a number of email messages deposited in the mailbox;
determining, based partially upon the number of email messages, a filtration rate for spam messages.
8. The method of claim 7 , wherein the filtration rate is used to measure effectiveness of spam filtration.
9. A computer storage medium having computer-executable instructions stored thereon that, when executed by a processor, cause the processor to perform operations comprising:
receiving, from a mail system, an email message;
determining, based upon an analysis of the email message, destination addresses associated with the email message, wherein the destination addresses include a recipient email address;
accessing user data that comprises a list of email addresses associated with an internet service provider, wherein the list of email addresses comprises valid email addresses, expired email addresses, and invalid email addresses;
querying the user data to determine if the recipient email address is valid;
in response to a determination that the recipient email address is invalid
determining, based upon a configuration file, a number of times delivery of email messages to the recipient email address has been attempted,
determining if the number of times meets a delivery attempt threshold associated with the recipient email address, the delivery attempt threshold comprising a number of message delivery attempts within a specified time period,
in response to a determination that the number of times meets the delivery attempt threshold, requesting creation of a honeypot email address comprising the recipient email address;
receiving a further email message that is addressed to the recipient email address; and
delivering the further email message to a mailbox associated with the honeypot email address, whereby a sender of the further email message is not informed that the recipient email address is invalid.
10. The computer storage medium of claim 9 , wherein the computer-executable instructions, when executed by the processor, cause the processor to perform operations comprising:
analyzing the further email message delivered to the mailbox associated with the honeypot email address to identify content of the further email message; and
determining that the further email message comprises a spam message based upon the content identified.
11. The computer storage medium of claim 9 , wherein the computer-executable instructions, when executed by the processor, cause the processor to perform operations further comprising:
scanning the mailbox associated with the honeypot email address;
counting a number of email messages deposited in the mailbox;
determining, based partially upon the number of email messages, a filtration rate for spam messages.
12. The computer storage medium of claim 11 , wherein the filtration rate is used to measure effectiveness of spam filtration.
13. A system comprising:
a processor; and
a memory that stores computer-executable instructions that, when executed by the processor, cause the processor to perform operations comprising
receiving, from a mail system, an email message,
determining, based upon an analysis of the email message, destination addresses associated with the email message, wherein the destination addresses include a recipient email address,
accessing user data that comprises a list of email addresses associated with an internet service provider, wherein the list of email addresses comprises valid email addresses, expired email addresses, and invalid email addresses,
querying the user data to determine if the recipient email address is valid,
in response to a determination that the recipient email address is invalid
determining, based upon a configuration file, a number of times delivery of email messages to the recipient email address has been attempted,
determining if the number of times meets a delivery attempt threshold associated with the recipient email address, the delivery attempt threshold comprising a number of message delivery attempts within a specified time period,
in response to a determination that the number of times meets the delivery attempt threshold, requesting creation of a honeypot email address comprising the recipient email address,
receiving a further email message that is addressed to the recipient email address, and
delivering the further email message to a mailbox associated with the honeypot email address, whereby a sender of the further email message is not informed that the recipient email address is invalid.
14. The system of claim 13 , wherein the computer-executable instructions, when executed by the processor, cause the processor to perform operations further comprising:
analyzing the further email message delivered to the mailbox associated with the honeypot email address to identify content of the further email message; and
determining that the further email message comprises a spam message based upon the content identified.
15. The system of claim 13 , wherein the computer-executable instructions, when executed by the processor, cause the processor to perform operations further comprising:
scanning the mailbox associated with the honeypot email address;
counting a number of email messages deposited in the mailbox;
determining, based partially upon the number of email messages, a filtration rate for spam messages.
16. The system of claim 15 , wherein the filtration rate is used to measure effectiveness of spam filtration.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.